Breached: Stolen-data forum closed due to suspected FBI access
The underground forum “Breached”, frequented mostly by cybercriminals and security experts, has been shut down by its remaining administrator. The FBI had previously arrested the operator of this large forum for peddling data. After that, the second administrator suspected that the authorities could gain access to the arrested person’s devices and thereby to the Breachforum. Participation was therefore no longer safe, and the forum has now been taken offline.
According to media reports, US federal officials last week arrested the suspected operator of the data-theft forum, nicknamed “Pompompurin”. The underground forum that Pompompurin allegedly owns and administers has hosted copies of databases from around 1,000 companies and websites, often containing sensitive data such as names, email addresses and passwords. Cybercriminals offer these databases, which can be used for fraud, for sale on the forum.
After Raidforum, Breachforum also comes to an end
The Breachforum is the successor to the Raidforum, whose operators were arrested about a year ago in a concerted Europol action and charged by the FBI; that forum was shut down with the confiscation of servers and Internet domains. The Breachforum was still accessible, but according to Bleepingcomputer the administrator “Baphomet”, who remained after Pompompurin’s arrest, has now closed it.
According to the report, Baphomet originally wanted to transfer the forum to a new infrastructure after Pompompurin’s arrest in order to protect it, and thus the identities of the participants, from possible access by the investigative authorities. However, this plan has now been abandoned after it emerged that officials had apparently been able to gain access to Pompompurin’s devices.
Unexplained access in the end, Telegram as an alternative
During the Breachforum migration, Baphomet said they noticed that someone had logged into one of the servers before Baphomet could log in. However, access to the servers was not shared with anyone else. From this, Baphomet concludes that someone has taken possession of Pompompurin’s devices and used them for access. This means that nothing is safe at the Breachforum, neither configuration nor source code nor user information. Therefore the forum was closed.
In its message, Baphomet refers to Breached’s Telegram channel, where the discussions can be continued. Telegram is a popular fallback option for cybercriminals because it allows new channels to be created quickly while others are just as quickly shut down. Some actors are becoming famous on Telegram for leaking data, offering stolen accounts and reporting on their cyberattacks.